Memory Reset Vulnerability in mem0 Server by mem0ai
CVE-2026-31242

9.1CRITICAL

Key Information:

Vendor: mem0ai
Status: mem0
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-31242?

The mem0 v1.0.0 server is vulnerable due to a lack of essential authentication and authorization controls for its memory reset functionality exposed via the DELETE /memories endpoint. An attacker can exploit this vulnerability by sending an unauthenticated DELETE request, which triggers a memory reset operation. This exploit can lead to the execution of a DROP TABLE SQL statement, resulting in the deletion of the entire memory database table. Consequently, this vulnerability can cause severe data loss and result in a complete denial of service for all users relying on this service.

References

https://github.com/mem0ai/mem0

https://www.notion.so/CVE-2026-31242-35d1e1393188819c9ebe...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31242 Data

JSON